After system infiltration, Apocalyse encrypts victims' files and adds a .encrypted extension to the name of each encrypted file. (Updated variants of this ransomware use .locked and .missing extensions for the encrypted files and presents the ransom demanding message in .README.txt file.) For instance, if the file before encryption was named sample.jpg, it would be renamed to sample.jpg.encrypted. Furthermore, this ransomware creates a text file beside each encrypted file. The text filenames are associated with the encrypted files. For example, sample.jpg.encrypted.How_To_Decrypt.txt
The text files contain an identical message stating that files have been encrypted and that users must make contact using the email address provided (email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com or firstname.lastname@example.org) . Victims will supposedly then receive step-by-step instructions for paying a ransom. Unfortunately, the size of ransom is currently unknown, however, it usually fluctuates between 0.5 and 1.5 Bitcoin (to remain anonymous, cyber criminals demand ransom payments in Bitcoins). At time of research, 1 Bitcoin was equivalent to $689.94, however, research shows that developers of ransomware-type viruses are likely to ignore victims, despite payments made.